saml-idp
mundane
saml-idp | mundane | |
---|---|---|
2 | 4 | |
1 | 1,069 | |
- | -0.2% | |
0.0 | 0.0 | |
almost 5 years ago | 10 months ago | |
Tcl | Rust | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
saml-idp
- SAML Is Insecure by Design
-
The Difficulties of SAML Single Logout
To be fair, SAML itself isn't that difficult -- Shibboleth is just not very good.
I implemented a SAML IdP [0] in MUCH less time than it took to configure Shibboleth. The specification for SAML is pretty easy to comprehend.
The implementation is really an experiment, but the configuration and usability is significantly better. Improving the implementation doesn't affect this. In some closed-source forks I've written a production version that's been in use for several years.
[0] https://github.com/rkeene/saml-idp/blob/master/lib/saml/saml...
mundane
-
Crates for helping with C FFI?
I'm the author of Mundane, which wraps BoringSSL, which is written in C. We have some internal utilities which make it safer to work with C objects by doing a certain amount of automatic memory management and lifecycle tracking.
-
SAML Is Insecure by Design
Most problems with security specs and libraries that implement them are communication problems. They involve people incompletely describing or understanding their requirements, capabilities, or threat model. Usually this also involves providing/using interfaces that are not ergonomic (https://github.com/google/mundane/blob/master/DESIGN.md), which in turn comes from the spec trying to do too much (as XML Signature does).
I don't know how GPT could help with that. If anything I would expect it to bias toward things it has already seen, which is the opposite of what you want when writing a new spec/library aiming to avoid past mistakes.
-
Void Linux: "Switching back to OpenSSL"
I'm quite intrigued by mundane which is cryptography library with a Rust interface that contains lots of code from OpenSSL (via BoringSSL, which is a fork of OpenSSL).
-
How to implement a simple password-based encryption with ring?
(https://sequoia-pgp.org/, https://github.com/google/mundane, etc)
What are some alternatives?
ASP.NET SAML - Very simple SAML 2.0 consumer module for ASP.NET/C#
RustCrypto - Authenticated Encryption with Associated Data Algorithms: high-level encryption ciphers
fusionauth-issues - FusionAuth issue submission project
shib-sp - Containerized Shibboleth SP
fusionauth-samlv2 - SAML v2.0 bindings in Java using JAXB
orion - Usable, easy and safe pure-Rust crypto [Moved to: https://github.com/orion-rs/orion]
rage - A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
reqwest-impersonate - Impersonating the Chrome browser made easy
void-packages - The Void source packages collection